Privacy Review Needed for Prospective MozCamp Asia Vendors

RESOLVED FIXED

Status

--
major
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: knaszradi, Assigned: smartin)

Tracking

Details

(Whiteboard: privacy review completed - resolved)

Attachments

(5 attachments)

(Reporter)

Description

6 years ago
Created attachment 654689 [details]
e27 questionnaire

Hi all:

We're hoping to make our decision on which vendor we would like to contract for MozCamp Asia by end of next week. While we are reviewing their proposals, we'd like to get your feedback on the privacy questionnaires they have provided for us. We will also be submitting the final questionnaire on this bug tomorrow (for a total of 3). Please let us know if you have any questions.

Thanks,

Kate
(Reporter)

Comment 1

6 years ago
Created attachment 654690 [details]
e27 Privacy Policy
(Reporter)

Comment 2

6 years ago
Created attachment 654692 [details]
World Express Questionnaire
(Reporter)

Comment 3

6 years ago
Created attachment 654933 [details]
Red Events Privacy Questionnaire

Red Events also indicated:
"We currently do not have a company privacy policy set in place as we would usually follow our clients guidelines, we would be happy to adopt Mozilla's privacy policy for this event."
(Reporter)

Comment 4

6 years ago
Created attachment 655601 [details]
World Express Privacy Policy/Agreement
(Reporter)

Comment 5

6 years ago
Hi! 

I've now attached privacy questionnaires that have been completed from our prospective Asia vendors. We are highly leaning towards choosing e27 based on their experience with similar technology clients and would like to be able to let them know by EOW. Would it be possible to get a review of their questionnaire by tomorrow EOD? It would be much appreciated!

Please let me know if you have any questions.

Thanks,

Kate
(Assignee)

Updated

6 years ago
Assignee: nobody → smartin
Whiteboard: under privacy review
(Assignee)

Comment 6

6 years ago
Hi Kate,

I read through all of the attached documents.  For e27, can you ask them to clarify if/how they would be using Basecamp and Eventbrite for our event?  And if/how they would be using viral sharing for our event?
(Assignee)

Comment 7

6 years ago
To clarify, my preference is that they don't use either.  Is either needed or requested by us?  Other than that, they look fine to me, as long as they're willing to sign our data addendum.  Their privacy policy isn't very robust, but our contract language should remedy that.

Updated

6 years ago
Blocks: 786147
(Reporter)

Comment 8

6 years ago
Thanks Stacy, I'm emailing them this question now and cc'ing you. Should I provide them with the data addendum now or would this be a part of the contract?

Thanks!

Kate
(Reporter)

Comment 9

6 years ago
Answers from e27 (Stacy - I've also cc'd you on the email chain):

1) Basecamp is a project management tool we will use internally to manage the project. This allows us to better communicate with the team. This tool will be used for internal staff only, so only the project mangers from e27 and Embrya will access it. At the end of the project, we will delete all materials pertaining to the project. If there is any retained information, we will export it and pass it to you.

2) Eventbrite is a event management and registration program we use. In this case, since Mozilla will be handling registration, we wont be using this registration system. If Mozilla would like us to handle the registration, then we will use Eventbrite. It gives us a secure environment to manage user data and update attendees of the event. At the end of the event, we will be surrendering all the data to Mozilla and will be deleting all the records from the system. e27 will not be retaining any attendee records.

3) There will be no viral sharing for the event since this is a closed event and non-Mozilla members will not be allowed at the event.
(Assignee)

Comment 10

6 years ago
Thank you, Kate.  It sounds like the security review would cover Basecamp, if it will contain personal info (PII).  If no PII, then no privacy concerns.  With no Eventbrite and no viral sharing, looks fine so long as they sign the data addendum.
(Reporter)

Comment 11

6 years ago
Great - thanks Stacy!
(Assignee)

Comment 12

6 years ago
I'm going to close this one out, since the privacy review has been completed.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Whiteboard: under privacy review → privacy review completed - resolved
(Reporter)

Comment 13

6 years ago
Thanks Stacy!
You need to log in before you can comment on or make changes to this bug.